Malware Goes ‘Polymorphic’

Malware is evolving, appearing in many forms as malicious code infiltrates computing platforms under many guises.

Security experts refer to this chameleon-like malware as “polymorphic code,” and one researcher using a cloud-based, machine-learning platform to identify security threats found that the vast majority of malware is polymorphic.

In an annual threat assessment released this week, cybersecurity specialist Webroot reported that 93 percent of malware discovered in 2017, along with 95 percent of “potentially unwanted applications,” was polymorphic. The trend continued in 2018, Webroot said Thursday (Feb. 28).

The tactic allows each copy of the code to appear as a single, distinct instance of malware, with its own identifiers (for example, names, encryption keys or signatures), “so it can be delivered to a large number of people while still evading detection,” the vendor said. Hence, polymorphic malware and applications present different identifiers, defeating pattern-matching security tools that can no longer detect the variations.

Indeed, the growing sophistication of exploits against business prompted the authors of the cybersecurity report to declare that the “true innovators” in cybersecurity are hackers. “They continue to find new ways to combine attack methods or compromise new and existing vectors for maximum results,” added Webroot CTO Hal Lonas.

Webroot also reported that 40 percent of malicious URLs were found in what it considered “good” domains. “Legitimate websites are frequently compromised to host malicious content,” the threat researcher said. “To protect users, cybersecurity solutions need URL-level visibility or, when unavailable, domain-level metrics, that accurately represent the dangers.”
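The contrast between trusting a “good” domain and checking at URL level with a domain-level fallback can be sketched as follows. This is an added example, not code from Webroot or the original article; the sample data, the threshold and every function name are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data (reserved example domains, not real indicators).
BAD_URLS = {
    "shop.example.com/media/cache/update.js",
    "files.example.net/dl/setup.exe",
}
# Per-host counts of URLs observed: (malicious, total). Constructed values.
DOMAIN_COUNTS = {
    "shop.example.com": (1, 500),   # legitimate site with one compromised page
    "files.example.net": (45, 50),  # mostly malicious
}
GOOD_DOMAINS = {"shop.example.com"}  # naive domain allowlist
BLOCK_RATIO = 0.5  # assumed threshold for blocking on domain data alone


def url_key(url):
    """Return (host, 'host/path'): lowercase host, no scheme, port, query or fragment."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    return host, host + (parts.path or "/")


def allowlist_verdict(url):
    """Weak check: anything on a 'good' domain is allowed."""
    host, _ = url_key(url)
    return "allow" if host in GOOD_DOMAINS else "unknown"


def domain_risk(host):
    """Fraction of observed URLs on the host that were malicious; None if unseen."""
    if host not in DOMAIN_COUNTS:
        return None
    bad, total = DOMAIN_COUNTS[host]
    return bad / total


def verdict(url, path_visible=True):
    """URL-level lookup when the path is visible, otherwise a domain-level metric."""
    host, key = url_key(url)
    if path_visible and key in BAD_URLS:
        return ("block", "url-level")
    risk = domain_risk(host)
    if risk is None:
        return ("unknown", "no-data")
    if risk >= BLOCK_RATIO:
        return ("block", "domain-level")
    if risk > 0 and not path_visible:
        # Host carries some known-bad content and the exact URL cannot be checked.
        return ("review", "domain-level")
    return ("allow", "domain-level")
```

With `path_visible=False` the function models traffic where only the hostname can be observed, so a mostly clean host with some known-bad content is flagged for review instead of being treated as simply good.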

On the upside, the threat assessment found improved security on the latest version of Microsoft Windows. “Webroot has seen a relatively steady decline in malware on Windows 10 machines for both consumer and business,” it reported.

George Leopold has written about science and technology for more than 30 years, focusing on electronics and aerospace technology. He previously served as executive editor of Electronic Engineering Times. Leopold is the author of "Calculated Risk: The Supersonic Life and Times of Gus Grissom" (Purdue University Press, 2016).